Finally I get it working... I realised that in a rooted tablet, the AnyConnect client for rooted devices worked, so (and as you suggested in your first reply) it was related to the AnyConnect version. I was using "Samsung AnyConnect", and now I tried to look for more versions and I found AnyConnect ICS+, which works perfectly . Maybe I'd have to try all versions before posting... Thanks for your help!!
... View more

Hi Marius, I'm using Android 4.1.2, and tried it with 2 devices, a Samsung Galaxy S3 and a Samsung Galaxy Note 3. I downloaded the latest version of Samsung AnyConnect from the Play Store as the guide you told me says. And no, I don't have any problem to http that web servers connected to an inside organization WiFi. I think it should be a missconfig with AnyConnect that only affects mobile devices, could it be? And I don't know where to start looking to solve it. Thanks!
... View more

Hello, I have an ASA 5510 with AnyConnect and AnyConnect Mobile licenses. Clients with a laptop can connect through AnyConnect without troubles and can use all vpn resources. Clients with Android with AnyConnect client, can connect to the VPN, but they cannot load any webpage from internal web servers. They have connectvity to that servers cause I can ping them. They get the error: - [403] Request Error (invalid) <-- if I try to access through the IP of the web server. - [404] Not Found <-- if I try to access through the name. Thanks for your help!
... View more

Hi Jouni, Thanks, you guide me through the right way. I added the arp entries manually on both servers, and nothing. But I realised that broadcast address wasn't properly configurated in the soruce server. After fixing that, the both servers can communicate correctly adn the ASA is no loger receiveing that transmission. Yesterday I have been looking for a solution all the day, but I had the same issue from 2 servers and seeing that events in the ASA, I thought it was related to it. Thanks for your help!
... View more

Hi, I have a communication problem between 2 servers that are behind a firewall. I'm trying to connect from one to the other through TCP 3306 port and, after a lot of system configuration checks and tests, I found the following records in ASA debug console: Built inbound TCP connection 8762504 for Inside:192.168.254.16/41623 (192.168.254.16/41623) to Inside:192.168.254.13/3306 (192.168.254.13/3306) Teardown TCP connection 8762504 for Inside:192.168.254.16/41623 to Inside:192.168.254.13/3306 duration 0:00:00 bytes 0 TCP Reset-O Deny TCP (no connection) from 192.168.254.16/41623 to 192.168.254.13/3306 flags RST on interface Inside I found a possible solution in a post, telling to run the command: sysopt connection timewait And I tried it. I still cannot connect, but I don't receive the (no connection) message any more: Built inbound TCP connection 8756080 for Inside:192.168.254.16/41622 (192.168.254.16/41622) to Inside:192.168.254.13/3306 (192.168.254.13/3306) Teardown TCP connection 8756080 for Inside:192.168.254.16/41622 to Inside:192.168.254.13/3306 duration 0:00:24 bytes 0 SYN Timeout Few considerations: Source server: 192.168.254.16 Destination server: 192.168.254.13 Both servers behind the ASA 5510, connected through a switch and with the ASA inside IP as gateway. The server 192.168.254.13:3306 is accessible from remote vpn connections without any problems. This cannot be a missconfiguration in the source server, cause I tried to connect to the destination server from another server in the LAN and it doesn't work too. Thanks for your help!
... View more

Well I think I found the trouble. The point is that I'm not using the default port for HTTPS and DTLS. When I connected to the VPN through the portal, the Connected to box showed my outside IP, so when I disconnect, I try to connect to the same IP and then fails. What solved my issue was to add the port to the Connect to box, so now I'm able to connect to the vpn directly from the client using IP:port. Thanks for your help!
... View more

Hi Christopher, that was the first I have to do in order to be able to connect when I connect to the VPN (through the web) for the first time. So I can confirm it is unchecked. Thanks for the advice
... View more

Hi, in the connect To box there is the public IP of the ASA, so I think it might be correct. Then appears an Untrusted VPN Certificate warning, and after clicking "Connect Anyway" it shows the error. I have the anyconnect-win-3.1.04063-k9.pkg client software, should I try a lower version? Maybe I'll try to create the certificate through a Windows Server CA and then import to ASA and to the client, so see if it solves the issue...
... View more

Hello Christopher, thanks for your answer. I'm using an ASA, and in DAP I only have the DfltAccess, and I changed the Access Method from Unchanged to Both, but I have the same problem. Now I have a question (sorry if it is obvious), using the portal, I provide the login/passwd, but using only the client it doesn't ask me for credentials, it only shows the certificate error (cause it is self-signed), and when I accept it, the connection fails. Thanks!
... View more

Hi all, I'm very new in AnyConnect and I'm doing something wrong. If I navigate to https://myIP I can successfully log into the portal, download and install the AnyConnect Client and also CONNECT to the VPN. But if I disconnect to the VPN, and try to login again through the try icon, I get a "connection attempt has failed". So the only way I have to connect again is to navigate another time to the web portal and then, after login again, the VPN connection is successfully done. Thanks for your help!
... View more

Hello, I have an ASA 5505 working between a router and a LAN. The router have all ports redirected to the ASA. What I need now is to be able to access to the port 80 of the router from the WAN. I could redirect all ports to the ASA except the 80, but I cannot access to that router to change the config. Is there any way to redirect back the connection to the router if I try to access the port 80 of the public IP? I tried creating a static NAT rule to translate 10.1.1.1 from outside to outside in port 80, but it seems it doesn't work. I also allowed the traffic from any to outside-network in port 80, but nothing. The only actions logged are: Source IP Source Port Destination IP Destination Port Description 7.7.7.7 49679 10.1.1.1 80 Built inbound TCP connection 10341324 for outside:7.7.7.7/49679 (7.7.7.7/49679) to outside:10.1.1.1/80 (10.1.1.2/80) 7.7.7.7 49679 10.1.1.1 80 Teardown TCP connection 10341324 for outside:7.7.7.7/49679 to outside:10.1.1.1/80 duration 0:00:09 bytes 0 TCP Reset-O If someone could guide me through the rules I have to create it wold be nice
... View more